CVE-2024-50634
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published: Nov 8, 2024
Updated: Nov 14, 2024
CWE ID 319
Summary
CVE-2024-50634 is a vulnerability that affects Watcharr versions 1.43.0 and below. The issue stems from a weakly implemented JWT (JSON Web Token) authentication mechanism. An attacker can exploit it by crafting JWTs that bypass authentication checks, leading to privilege escalation. The impact goes beyond privilege escalation: every function that relies on authentication is susceptible to manipulation.
Affected Products
- Watcharr